The increase in the use of telehealth services by Medicare beneficiaries is driving more scrutiny, audits, and enforcement actions by the Office of the Inspector General (OIG).
CJ Wolf, MD writes enforcement action summaries for the YouCompli blog. These summaries provide real-world examples of regulators’ response to practices that don’t fully comply with regulations.
This month’s article looks at physician coding and billing cases. It reflects remarks CJ made at HCCA’s 2022 Compliance Institute. (For more insights from the Compliance Institute, download our white paper on how compliance professionals can help healthcare institutions mitigate risk.)
Physicians are often seen as the drivers in healthcare. They examine patients, order labs and diagnostic testing. They perform procedures and surgeries, admit patients to hospitals, and document in the medical record.
If you ask physicians what they think about coding and billing, most of them will tell you this: The rules do not make sense, are hard to understand, and are constantly changing. Most of them are doing their best to apply the confusing rules as they care for patients. Some might even be billing improperly on purpose. Either way, these examples highlight the consequences of “getting it wrong.” They offer clues for compliance professionals to spot training opportunities before they become enforcement actions.
Billing for services not needed or received
In March of 2022, a New Jersey rheumatologist was convicted by a federal jury for defrauding Medicare and other health insurance programs. She had billed for services that were either unnecessary or were not provided. Court documents demonstrated the physician billed for expensive infusion medication that her practice never purchased. She also fraudulently billed millions of dollars for allergy services that patients never needed or received. The doctor will be sentenced in July for multiple counts of healthcare fraud. Each count carries a maximum penalty of 10 years.
Compliance officers should watch for:
Follow the money. If a practice is billing millions of dollars for allergy services, that code or set of codes is likely to stand out as an outlier to compliance programs monitoring all their billing data. Compliance officers should have a true sense of what their organization’s bread and butter services are. Then, they should perform regular audits of those high-dollar, high-volume services.
Billing for unnecessary urine drug testing
A Florida physician, serving as a medical director for a sober living facility, was found guilty of healthcare fraud. The federal jury found that he had ordered medically unnecessary urine drug tests. Court documents showed the physician unlawfully billed approximately $110 million of urinalysis (UA) drug testing services that were medically unnecessary for patients. Some of the evidence used at trial included inappropriate standing orders for UA drug tests in exchange for a monthly fee. As a condition of residency, patients had to submit to excessive and medically unnecessary urine drug testing three to four times per week.
Evidence also showed the medical director did not review the UA drug test results and did not use the UA drug tests to treat the patients. This lack of review called the necessity of the tests into question. In addition, the doctor had these same patients sent to his office so he could also fraudulently bill for services through his own practice. He faces up to 20 years in prison for healthcare fraud and wire fraud conspiracy. He faces another 10 years for each of eleven counts of healthcare fraud.
Compliance officers should watch for:
If your organization allows for standing orders, you should have a written policy that guides their use. The policy should outline the risks and benefits of the standing orders. It should describe when they are appropriate and when they are not appropriate. That policy should also outline the process for reviewing standing orders on a regular basis to determine if they are still appropriate. If it’s been more than a year since you’ve reviewed a standing order, you may want to schedule a review soon.
Modifier misuse: unbundling under modifier 25
Billing and coding modifiers can also be an area of risk for physicians. In general, most encounters are reported with one Healthcare Common Procedure Coding System / Current Procedural Terminology (HCPCS/CPT) code. Medicare generally prohibits healthcare providers from separately billing for E&M services provided on the same day as another medical procedure. The exception is if the E&M services are significant, separately identifiable, and above and beyond the usual preoperative and postoperative care associated with the medical procedure.
When the E&M service meets this definition, modifier 25 can appropriately be appended to the E&M code. When that is done, a physician is, in essence, certifying that the procedure and E&M are separate enough to meet the definition of the modifier.
A urology practice learned an expensive lesson by allegedly using modifier 25 inappropriately. The practice agreed to pay $1.85 million to resolve allegations of modifier misuse. The case was initiated by a qui tam whistleblower. Allegedly the practice used modifier 25 to improperly unbundle routine E&M services that were not separately billable from other procedures performed on the same day. As a result, the practice improperly claimed compensation from Medicare for certain urological services. The whistleblower had performed audits that allegedly showed an overall error rate for the practice of 58% with some physicians showing a 100% error rate.
Compliance officers should watch for:
Any specialty could potentially run into problems with modifier 25. Consider common clinical scenarios such as a scheduled procedure. For example, in urology a physician might schedule a patient to return to the office another day for a scope procedure or a prostate biopsy. Frequently, upon return, the procedure is performed but a significant, separately identifiable evaluation and management service might not be performed. In those cases, it would not be appropriate to bill the procedure and an E&M service, but rather only the procedure. Automatically billing an E&M with modifier 25 just because the patient was in the office would be a red flag.
Physicians and their practices need to be aware of coding and billing risks. Enforcement agencies and potential whistleblowers may identify outliers or flat-out fraud. Common mistakes may include a lack of documentation or not performing a service but billing for it anyway. Other common mistakes are billing for procedures or services that were performed but were not medically necessary and misuse of medical codes and/or modifiers.
Managing regulatory change is a critical way to avoid enforcement actions. YouCompli is the only healthcare compliance solution that combines actionable, regulatory analysis with a simple SaaS workflow to help you manage regulatory change. Read more about the rollout and accountability of requirements or schedule a demo.
Emergency preparedness has always been one of the top concerns of hospital administrators and medical staff, but never has it been more critical. As the coronavirus pandemic continues to impact the United States, and facilities are struggling to maintain levels of personal protective equipment (PPE) and ventilators, administrators and compliance professionals should also review the updated federal emergency preparedness requirements, published by the Centers for Medicare and Medicaid Services (CMS) in the Federal Register on September 30, 2019.
We previously blogged about these requirements in 2017, but the requirements have changed in the past few years. Here are the four core elements of a hospital’s emergency preparedness plan to handle natural and man-made disasters — and a look at how they are impacted by last year’s final rule revision by CMS:
Risk Assessment and Planning
Commonly referred to as the emergency plan, CMS requires such a strategy to be developed and then updated at least once a year. It is based on certain risk assessments and uses an “all-hazards” approach that focuses on hospital capacities and capabilities, care-related emergencies, equipment and power failures, communication interruptions (including cyberattacks), and interruptions to water, food, and medication supply chains.
A major change to this element involves hospital climate control and power. Facilities are no longer required to heat and cool the building evenly. However, safe temperatures are to be maintained in areas deemed necessary to protect patients, other people in the facility, and provisions stored in the facility during the course of an emergency, as determined by a risk assessment. If a hospital is unable to maintain safe temperatures, it should follow an established plan for a timely relocation/evacuation that avoids patient exposure to harmful conditions. Additionally, hospitals are required to have an essential electric system with a generator that complies with the NFPA 99 – Health Care Facilities Code.
Like before, the plan must include strategies for addressing emergency events and include a process to work in conjunction with local, tribal, regional, state, and federal emergency preparedness officials. But the key change to the all-hazards approach — and this is crucial in light of recent events — is that all participating hospitals must be prepared for emerging infectious disease (EID) threats, such as the coronavirus. EIDs may require modification to standard facility protocols to protect the health and safety of patients and personnel, such as isolation and PPE usage.
Communication Plan
This element received additional fine-tuning. Participating hospitals still must develop a communication plan that complies with local, state, and federal laws and the plan must be reviewed and updated annually. It should now also include the names and contact information of key hospital personnel for local, tribal, regional, state, and federal emergency preparedness officials. And, it should detail how patient care is coordinated within the facility, across healthcare providers, and with local and state public health departments and emergency management systems.
Policies and Procedures
Hospital policies and procedures still must be based on the emergency plan, risk assessment, and the communication plan, and must be reviewed and updated at least once a year. They should address a broad range of topics and situations, including subsistence needs (water, food, medical supplies) of patients and staff, emergency staffing strategies, tracking the location of on-duty staff and patients during emergencies, sheltering-in-place plans, and patient relocation/evacuation plans.
Training and Testing Program
This revised element is the result of an additive process. Program development is based on the emergency plan, the risk assessment, the communication plan, and the policies and procedures. As before, the final rule states the program must detail who needs to be trained, describe the frequency of training, how knowledge is assessed, and document how the training was conducted.
During the course of normal events, hospitals are required to annually conduct a mock disaster drill that is either a full-scale, community-based or individual facility-based exercise. In addition, hospitals must hold a discussion-based tabletop exercise with their senior staff to discuss hypothetical emergency scenarios and reassess policies and procedures. But recent years have not been normal.
Along with the coronavirus outbreak, many parts of the country have suffered from an increase in natural disasters or mass shootings. The final rule revision acknowledges this wide spectrum of emergencies. If there is an event that activates a hospital’s emergency plan, that facility is exempt from holding its annual mock disaster drill for one year following the incident, provided it has written documentation. If a hospital activates its emergency plan twice in one year, it is exempt from both the mock disaster drill and tabletop exercise for one year following the actual events. Again, written documentation of these events and procedures is required.
Maintain Compliance with CMS
Being compliant with the September 30, 2019 final rule is a requirement for your facility’s Condition of Participation (CoP) / Condition for Certification (CfC) with CMS. Failure to comply, even during a pandemic, could thus have significant impact on your organization. The youCompli compliance management software is a powerful tool to help mitigate risk and enable your hospital to effectively implement these, and many other, regulatory requirements. The software is easy to use and quick to deploy, and can be a powerful means to drive efficiencies through your compliance department.
See YouCompli in Action
Easier, faster, more effective compliance is possible
It’s become a cliche, especially in healthcare, to say that COVID-19 has changed “everything”. One thing that has clearly changed, however, is hospital finances.
Pandemic response stretched every healthcare system in the United States, many to the breaking point. Revenues from non-COVID procedures were significantly reduced, to the point that furloughs of vital medical staff have become necessary.
In this environment, compliance professionals have an important role to play. Ensuring that all payment compliance regulations are being followed helps to protect existing revenue streams, and helps to get the system back on a strong financial footing. As hospitals are getting “back to normal” and trying to find ways to bolster their budgets, good compliance practices are vital.
Outstanding Payments and Patient Insurance
In-hospital treatments declined during the pandemic; however, virtual health visits significantly increased. It’s crucial to continuously monitor payment compliance practices, which include patient insurance information, especially when offering this new treatment vector.
Pre-pandemic, the number of Medicare patients increased by 11 million since 2014, and at least 37 states expanded Medicare eligibility in 2019. While it’s hard to say where Medicare coverage will go as government budgets also come under pressure, these numbers could mean that some outstanding medical bills may be covered.
Historically, about 1% to 5% of self-pay accounts, or patient out of pocket costs, are written off by hospitals as bad debt. Checking and double-checking that your institution has the right information about patients, now and going forward, can be a key step in keeping the hospital financially strong.
The number of uninsured patients has continued to grow — by 12% towards the last months of 2017, and 27 million Americans have lost their employer-provided insurance during the pandemic. Overall, improving payment compliance practices in relation to insurance is an important step in effectively managing these, and other, challenges with patient payment balances.
Reducing Readmission Rates and Penalties
If your hospital serves Medicare and Medicaid patients, you probably know the high number of readmissions that occur in typical months. Readmissions that take place within 30 days of an initial visit cost hospitals a staggering $41.3 billion. In a post-COVID world, these patterns may not hold — but that could mean that readmissions are going to go up, not down.
CMS instituted several programs to try to manage these readmission challenges.
- The Hospital Readmissions Reduction Program (HRRP): rewards hospitals for lowering readmission rates for common health conditions like heart attacks, pneumonia, COPD, and total hip and knee replacement surgery
- The Hospital-Acquired Condition Reduction Program (HACRP): encourages a reduction in avoidable infections resulting from colon surgeries and hysterectomies, bedsores, sepsis, and even blood clots
Hospitals with, according to CMS, higher than average readmission rates face steep penalties and lower claims reimbursement. In the fiscal year 2020, pandemic notwithstanding, 83% of the 3,300 hospitals in the U.S. were projected to face penalties. And these penalties can be as high as a 3% reduction in repayment. Across the United States, CMS penalizes the worst-performing hospitals with a 1% reduction in total claim reimbursement.
As hospitals reopen and restart regular procedures and treatment, and try to rapidly scale revenue generation, more hospitals may face penalties if compliance practices are not strong. Surprisingly, at least 12% of readmission cases are preventable, according to the Medicare Payment Advisory Commission (MedPAC).
Two ways hospitals can comply with CMS’ regulations and boost patient care are:
- Embrace a process that sends discharge summaries to the primary care physician.
- Assign staff to follow up on post-discharge test results.
Setting up such a process can be tricky, especially in larger hospital facilities and in facilities that are still challenged in the aftermath of COVID. Medical staff need to be able to consistently and quickly assign, track, and review summaries and test results.
Monitoring each step of the process is necessary to ensure that your organization is taking the proper steps to adhere to Medicare and Medicaid requirements. That way, your hospital easily avoids significant penalties while boosting patient care. CMS also recommends that hospitals be on the lookout for hospital-related illnesses, which can derail patient care standards.
What You Can Do
Staying on top of the ever-changing world of CMS regulations isn’t easy, especially as we emerge from the pandemic crisis. But we can help by providing you with expert advice and tools that target the regulations and policies needed to run your hospital compliance program more effectively.
Our fully customizable software helps you and your revenue cycle team stay on top of every regulation, so you’ll have the best possible chance of meeting essential mandates, keeping cash flowing and avoiding penalties.
Do you treat patients insured by Medicaid or Medicare at your hospital? While participation is voluntary for for-profit healthcare systems, accepting Medicaid and Medicare patients is a condition of federal tax exemption for non-profits. Currently, Medicare and Medicaid account for more than 60 percent of care provided by hospitals, making it nearly impossible for healthcare systems to forgo these programs.
So, if the stark reality is that you must participate, compliance becomes an issue. And it’s complex. Especially for hospitals that have multiple outpatient locations and inpatient campuses. Under Medicare provider-based rules, it’s not possible to certify just part of the system. When you consider there’s nearly a 500-page certification process, it’s clear that it’s crucial to have effective compliance tracking.
An effective compliance program is multi-faceted and includes monitoring and auditing, legal reviews of procedures and contracts, reporting mechanisms as well as training for employees. Healthcare systems are multi-faceted too with labs, pharmacies, rehabilitation centers, clinics, surgery centers and more. Keeping on top of compliance not only to effectively report but to identify and then prevent misconduct before it balloons into a much bigger problem is anything but easy.
The Centers for Medicare & Medicaid Services has attempted to streamline information into quarterly updates for providers, suppliers and the public. While this helps curate the information and updates to regulations, management and oversight of compliance and putting these regs into practice represents an enormous task for each healthcare system. The distance between knowing and doing can be vast when providers are juggling regulations alongside providing quality patient care. Maintaining oversight of not just the Medicare and Medicaid federal regulations, but compliance with other state and local regulations is required.
The regulatory landscape continues to be muddled with additional requirements to safeguard privacy and to fight fraud and abuse today. Since governing bodies are vigilant about fighting fraud, your compliance process needs to be tight or you’ll risk criminal charges, fines and even the possibility of losing licenses. Every state has its own Medicaid Fraud Control Unit (MFCU), typically as part of the State Attorney General’s office. When your compliance tracking system is thorough, the auditing process and working with your MFCU becomes simpler.
Streamline Compliance Tracking
If your hospital is juggling Medicare and Medicaid payment compliance along with all the other mandates and reporting requirements, it can easily get overwhelming. But it doesn’t have to be that way. Solutions such as youCompli’s compliance system monitor and translate Medicare and Medicaid regulations for easier understanding. Then, they help you track and oversee your hospital’s compliance.
If you’re ready to take the headache out of Medicare and Medicaid compliance, it’s time to see what a compliance management system can do for you. Schedule a call today where you can see how our risk management software can support your healthcare system’s compliance program.
(Check out our latest update on emergency preparedness, based on the 2019 final rule.) The motto of the Boy Scouts is Be Prepared. On September 16, 2016 the Centers for Medicare and Medicaid Services (CMS) made Be Prepared a law. CMS published a final rule relating to new federal emergency preparedness requirements. This rule impacts seventeen […]